Kubernetes Gets Storage, Security Upgrades

As more distributed applications are delivered via containers, managing them at scale has become a key requirement. That has spurred extensions of container orchestration tools such as Docker Swarm and Kubernetes. In the latter's case, those extensions include new ways to customize services while adding features like persistent container storage.

With those requirements in mind, the latest version of Kubernetes, released at the end of June, includes updates for stateful workloads along with security and system extensions. The stateful workload improvements also include enhancements such as local storage for stateful applications.

Persistent container storage for Kubernetes also is the focus of a server storage-area network aimed at hyper-scale deployments based on the container orchestrator. Excelero, a software-defined block storage specialist headquartered in San Jose, Calif., said its persistent storage offering for Kubernetes Pods (the smallest units that can be deployed and managed by the orchestrator) aims to improve container performance by leveraging NVM Express deployments in datacenters.

The company claims its platform is among the first to capitalize on pooled, redundant storage based on NVMe for container applications requiring persistent volumes. Indeed, persistent storage has emerged as a key hurdle to deploying application containers in production, industry surveys have found, including persistent storage that scales for stateful applications.

Excelero makes the case that developers want "the local performance of flash but the flexibility and data protection of centralized storage." Its storage platform leverages the Kubernetes orchestration layer to deliver "pooled NVMe," an approach in which containers in a pod can access persistent storage.

Meanwhile, Kubernetes version 1.7 provides automated updates of stateful applications such as the Apache Kafka stream-processing platform and the etcd open source key-value store from CoreOS.

Other enhancements include early support for access to local storage volumes to boost the performance of stateful applications, according to a Kubernetes community blog post.

San Francisco-based CoreOS, a key upstream developer of Kubernetes, added in a separate post that the goal of the latest version of the Google-backed container orchestrator "is to make it so that developers can deploy new features based on a stable, featureful, core Kubernetes system, enabling new features to be added on demand."

Along with storage and other performance enhancements, the latest version also includes new security features such as a stable network policy for enforcing rules governing which Kubernetes pods can communicate with each other. That feature is intended to improve isolation and therefore the security of individual application containers.

Other security features include encryption for key-value stores like etcd along with audit logs stored in an API server.

The latest version of Kubernetes is being released as the container orchestrator gains traction in hybrid cloud and other infrastructure deployments. According to a recent container adoption survey commissioned by CoreOS, 71 percent of IT managers surveyed by 451 Research said they are using Kubernetes to support hybrid cloud deployments.

George Leopold has written about science and technology for more than 30 years, focusing on electronics and aerospace technology. He previously served as executive editor of Electronic Engineering Times. Leopold is the author of "Calculated Risk: The Supersonic Life and Times of Gus Grissom" (Purdue University Press, 2016).